package com.example.login.securitylogin.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

import javax.sql.DataSource;

/**
 * Created by luoyiliang on 2017/7/13.
 */
@Configuration
@EnableWebSecurity
@ComponentScan(basePackages = {"com.example.login.securitylogin.web.*"})
// spring security的Bean上下文环境
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
	@Autowired
	private DataSource dataSource;

	/***
	 * 配置user-detail服务(用户存储)
	 * @param auth
	 * @throws Exception
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception
		{
			/*// 用户存储在内存中
			auth.inMemoryAuthentication().withUser("user")
					.password("user").roles("USER").and().withUser("admin")
					.password("admin").authorities("ROLE_USER","ROLE_ADMIN");*/


			// 使用spring提供的数据库访问用户存储
			auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery(
					"SELECT username,password,true FROM users WHERE username = ?")
					.authoritiesByUsernameQuery("SELECT username,authority FROM "
							+ "authorities WHERE username = ?")
					.passwordEncoder(new Md5PasswordEncoder());

			/*// 使用自定义用户存储
			auth.userDetailsService(myUserService);*/

		}

	/***
	 * 配置如何通过拦截器保护请求
	 * @param http
	 * @throws Exception
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception
		{
			//.loginProcessingUrl("/login")
			// hasRole() 自动添加“ROLE_”前缀
			http
					.authorizeRequests()
					.antMatchers("/admin**")
					.hasAuthority("ROLE_ADMIN")
					.anyRequest()
					.authenticated()
					.and().formLogin()
					.loginPage("/login")// 登录页面地址
					.usernameParameter("username")// 表单参数名称
					.passwordParameter("password")
					.loginProcessingUrl("/login")// 表单提交地址 POST
					.permitAll()
					.and().logout()
					.permitAll()
					.and().csrf().disable();

		}

	/***
	 * 配置Spring Security的Filter链
	 * @param web
	 * @throws Exception
	 */
	@Override
	public void configure(WebSecurity web) throws Exception
		{
			super.configure(web);
		}
}
